<?php
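// Database connection settings.
//
// Each value can be overridden through an environment variable (the
// SPORTNIK_DB_* names are introduced by this block), so deployments can keep
// the real credentials out of the source tree. The literals are fallbacks kept
// only so an existing installation keeps working without configuration.
// NOTE(review): the fallback password has been committed to source and should
// be treated as exposed - rotate it, then drop the literal fallbacks.

//database server
define('db_server', getenv('SPORTNIK_DB_SERVER') !== false ? getenv('SPORTNIK_DB_SERVER') : 'localhost');

//user, password, and database variables
$db_user = getenv('SPORTNIK_DB_USER') !== false ? getenv('SPORTNIK_DB_USER') : 'tarja';
$db_password = getenv('SPORTNIK_DB_PASSWORD') !== false ? getenv('SPORTNIK_DB_PASSWORD') : 'krneki';
$db_dbname = getenv('SPORTNIK_DB_NAME') !== false ? getenv('SPORTNIK_DB_NAME') : 'SPORTNIK';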

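/**
 * Handles a submitted login form: looks the account up by e-mail, checks the
 * password and, on success, starts a session and redirects to the index page.
 *
 * Reads $_POST['submit'], $_POST['user'] and $_POST['pass'] and relies on the
 * connection the calling script opened with mysql_connect(). Returns without
 * doing anything when the form was not submitted; every other path ends the
 * request with die().
 *
 * NOTE(review): the comparison below only succeeds when the GESLO column holds
 * the same string the user typed, i.e. passwords are stored unhashed. Moving to
 * password_hash()/password_verify() needs a data migration and is out of scope
 * for this function.
 * NOTE(review): "user does not exist" and "incorrect password" are distinct
 * responses, which tells a caller which e-mail addresses are registered. The
 * messages are kept as they were; consider one generic failure message.
 * NOTE(review): the mysql_* extension is removed in PHP 7; the whole script
 * needs porting to mysqli or PDO with prepared statements.
 */
function outputQueryResults() {
	if (!isset($_POST['submit'])) {
		return; // form has not been submitted
	}

	// Both fields are required. Missing keys and non-string values (e.g. user[]=x)
	// are treated as "not filled in" instead of raising notices further down.
	$user = isset($_POST['user']) ? $_POST['user'] : '';
	$pass = isset($_POST['pass']) ? $_POST['pass'] : '';
	if (!is_string($user) || !is_string($pass) || !$user || !$pass) {
		die('You did not fill in a required field.');
	}

	// Undo magic quotes first so the value is escaped exactly once, by the
	// connection-aware escaper rather than addslashes().
	if (get_magic_quotes_gpc()) {
		$user = stripslashes($user);
	}
	$escapedUser = mysql_real_escape_string($user);
	if ($escapedUser === false) {
		error_log('Login failed: could not escape user value: ' . mysql_error());
		die('Login is temporarily unavailable.');
	}

	// checks it against the database
	$check = mysql_query("SELECT * FROM USER WHERE EMAIL = '" . $escapedUser . "'");
	if ($check === false) {
		// Driver error text stays in the server log and is not sent to the client.
		error_log('Login query failed: ' . mysql_error());
		die('Login is temporarily unavailable.');
	}

	// Gives error if user doesn't exist. Only the first matching row is ever
	// evaluated, as before (both outcomes below end the request).
	$info = mysql_fetch_array($check);
	if ($info === false) {
		die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
	}

	// stripslashes() on both sides is kept from the original so accounts whose
	// stored value carries slashes still match.
	$submittedDigest = md5(stripslashes($pass));
	$storedDigest = md5(stripslashes($info['GESLO']));

	// Loose != treats hex digests that look like numbers as numbers, so two
	// different digests could compare equal. Compare as strings, in constant
	// time where hash_equals() is available (PHP 5.6+).
	$matches = function_exists('hash_equals')
		? hash_equals($storedDigest, $submittedDigest)
		: $storedDigest === $submittedDigest;

	//gives error if the password is wrong
	if (!$matches) {
		die('Incorrect password, please try again.');
	}

	session_start();
	// Issue a fresh session id on login so a pre-login id cannot be reused.
	session_regenerate_id(true);
	// Stored in the same slash-escaped form the original code put in the session.
	// NOTE(review): pages outside this file may read it - confirm before
	// switching to the raw value.
	$_SESSION['user'] = addslashes($user);
	header('Location: ../view/index.php');
	die('Prijava uspesna!');
}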
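//connect to the database server
$db = mysql_connect(db_server, $db_user, $db_password);
if (!$db) {
	// The driver's error text may name the host and account; keep it in the
	// server log and show the client a generic message only.
	error_log('Could Not Connect: ' . mysql_error());
	die('Could Not Connect.');
}

//select database name
if (!mysql_select_db($db_dbname, $db)) {
	// Previously unchecked: a failed select would only surface later as a
	// query error inside the login handler.
	error_log('Could not select database: ' . mysql_error($db));
	mysql_close($db);
	die('Could Not Connect.');
}

//run the login handler (ends the request itself once the form is submitted)
outputQueryResults();

//close database connection (reached only when no form was submitted)
mysql_close($db);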

?>